How to Install CSF Firewall on VestaCP CentOS and Enable CSF firewall GUI
In this tutorial we’ll enable the CSF firewall under VestaCP (this also works on any CentOS/RHEL OS) and add a link to the VESTA menu to access the CSF firewall GUI. CSF comes with many features and a GUI that is simple to use. ConfigServer Firewall, also known as CSF, is a firewall configuration script created to provide better security for your server while giving you an easy-to-use, advanced interface for managing your firewall settings. CSF configures your server’s firewall to lock down public access to services and only allow certain connections, such as logging in to FTP, checking your email, or loading your websites.
This tutorial is exclusively for CentOS VestaCP users.
First, install the packages CSF requires:
yum install perl-GDGraph perl-IO-Socket-SSL.noarch perl-Net-SSLeay perl-Net-LibIDN perl-IO-Socket-INET6 perl-Socket6 perl-Crypt-SSLeay perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch
Stop the Fail2ban and Firewalld services if you’re running them:
service firewalld stop
service fail2ban stop
If you don’t need these services, disable or remove them.
Install the CSF firewall:
cd /usr/src
rm -fv csf.tgz
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
Then go to /etc/csf and edit csf.conf:
yum install nano -y
nano /etc/csf/csf.conf
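Find TESTING. While it is set to "1", CSF runs in testing mode: lfd does not start and the rules are cleared periodically so that a bad configuration cannot lock you out.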
TESTING = "1"
Change it to:
TESTING = "0"
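Find RESTRICT_SYSLOG (the value "3" restricts access to the syslog/rsyslog socket to the group named in RESTRICT_SYSLOG_GROUP):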
RESTRICT_SYSLOG = "0"
Change it to:
RESTRICT_SYSLOG = "3"
Also ensure these ports are listed:
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,8083"
# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995,8083"
Save the config file and restart CSF:
csf -r
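A check you can run against csf.conf before restarting, since a missing SSH (22) or panel (8083) port in TCP_IN locks you out once TESTING is "0". This is an added example, not part of the original tutorial or of CSF; the function names are hypothetical, the sample config is constructed, and the required ports are taken from the TCP_IN list above.

```shell
#!/bin/sh
# Added example (not part of CSF): audit the csf.conf settings changed above.

# Print the value of KEY ($1) from a csf.conf-style file ($2): KEY = "value".
csf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# Succeed if port $1 is covered by list $2 (comma-separated ports or lo:hi ranges).
port_listed() {
    port=$1; old_ifs=$IFS; IFS=,
    for entry in $2; do
        case $entry in
            *:*) if [ "$port" -ge "${entry%%:*}" ] && [ "$port" -le "${entry##*:}" ]; then
                     IFS=$old_ifs; return 0
                 fi ;;
            *)   if [ "$entry" = "$port" ]; then IFS=$old_ifs; return 0; fi ;;
        esac
    done
    IFS=$old_ifs; return 1
}

# Print one line per problem and return the problem count.
# $1 = config file, $2 = space-separated TCP ports that must appear in TCP_IN.
audit_csf_conf() {
    conf=$1; problems=0
    for want in 'TESTING=0' 'RESTRICT_SYSLOG=3'; do
        key=${want%%=*}; val=${want#*=}
        [ "$(csf_get "$key" "$conf")" = "$val" ] || { echo "$key is not \"$val\""; problems=$((problems + 1)); }
    done
    tcp_in=$(csf_get TCP_IN "$conf")
    for p in $2; do
        port_listed "$p" "$tcp_in" || { echo "TCP_IN is missing port $p"; problems=$((problems + 1)); }
    done
    return "$problems"
}

# Constructed sample config: testing mode still on, SSH port absent, 8083 inside a range.
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
TESTING = "1"
RESTRICT_SYSLOG = "3"
TCP_IN = "20,21,25,53,80,443,8000:8100"
EOF
audit_csf_conf "$sample" "22 8083" || echo "Fix the above before running csf -r"
# On a server: audit_csf_conf /etc/csf/csf.conf "22 8083"
```

If SSH listens on a non-default port, pass that port instead of 22.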
You can now go to the VestaCP admin panel to see the CSF menu.
That’s it: you’ve finished installing CSF under VestaCP.
Commands for CSF
Stop the firewall / Flush the rules
csf -f
Restart the firewall
csf -r
Add an IP to the whitelist (replace IP_ADDRESS with the address)
csf -a IP_ADDRESS
Blacklist an IP (the IP won’t be able to connect to the server)
csf -d IP_ADDRESS
Remove an IP from the allow list
csf -ar IP_ADDRESS
Remove an IP from the deny list
csf -dr IP_ADDRESS
Update/upgrade CSF
csf -u
Disable CSF and LFD
csf -x
Enable CSF and LFD
csf -e